Search criteria
6 vulnerabilities found for small_business_ip_phone_firmware by cisco
FKIE_CVE-2017-12259
Vulnerability from fkie_nvd - Published: 2017-10-19 08:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/101488 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | http://www.securitytracker.com/id/1039615 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101488 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039615 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | small_business_ip_phone_firmware | * | |
| cisco | small_business_ip_phone | spa510 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:small_business_ip_phone_firmware:*:sr1:*:*:*:*:*:*",
"matchCriteriaId": "110DABED-231C-41CB-9B5D-AD469A026DED",
"versionEndIncluding": "7.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:small_business_ip_phone:spa510:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCE9FC0-7FF3-4A6D-95E5-88430B2034B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Session Initiation Protocol (SIP) en Cisco Small Business SPA51x Series IP Phones podr\u00eda permitir que un atacante remoto sin autenticar haga que el dispositivo afectado no responda, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a un manejo incorrecto de los mensajes de petici\u00f3n SIP por parte de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando mensajes SIP mal formados a un dispositivo afectado. Un exploit con \u00e9xito, podr\u00eda permitir que el atacante consiga que el dispositivo afectado no responda, lo que da como resultado una condici\u00f3n de DoS que persista hasta que el dispositivo se reinicie manualmente. Esta vulnerabilidad afecta a Cisco Small Business SPA51x Series IP Phones que ejecuten la distribuci\u00f3n 7.6.2SR1 o anterior del firmware Cisco SPA51x. Cisco Bug IDs: CSCvc63982."
}
],
"id": "CVE-2017-12259",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-19T08:29:00.263",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101488"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039615"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-0333
Vulnerability from fkie_nvd - Published: 2012-05-02 10:09 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | small_business_ip_phone_firmware | * | |
| cisco | small_business_ip_phone_firmware | 7.1.7 | |
| cisco | small_business_ip_phone_firmware | 7.2.5 | |
| cisco | small_business_ip_phone_firmware | 7.3.5 | |
| cisco | small_business_ip_phone_firmware | 7.4.3 | |
| cisco | small_business_ip_phone_firmware | 7.4.4 | |
| cisco | small_business_ip_phone_firmware | 7.4.5 | |
| cisco | small_business_ip_phone_firmware | 7.4.6 | |
| cisco | small_business_ip_phone_firmware | 7.4.7 | |
| cisco | small_business_ip_phone_firmware | 7.4.8 | |
| cisco | small_business_ip_phone | spa525g | |
| cisco | small_business_ip_phone | spa525g2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEF7FB2-AA04-4793-84C9-F81A66B7472B",
"versionEndIncluding": "7.4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "741E1BF8-B26F-4D31-8116-DB304DF4A43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "77069CBA-79FB-437B-9F32-5511B8079AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0575BEB0-5200-4B41-B9DB-6EA096DE83BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE775598-05F9-4941-A58B-1B2B1A326C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6479487-5C22-4E2B-9B96-24D30F1003EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EF6458-3D74-47A1-9F43-5BB2E6338DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "930DDF42-0C68-4DD2-A9BC-90154215FB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1D28D344-6271-4771-922F-0FE372B38EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8B223DBD-4ACF-42EA-8C65-1F4EDE0FE8AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:*",
"matchCriteriaId": "FBB7F10E-753A-4203-BEE0-9A51C36323A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1BDE56A-B57E-4B0D-B5D9-416D62B6EB57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768."
},
{
"lang": "es",
"value": "Los tel\u00e9fonos Cisco Small Business IP con SPA de la serie 500 con el firmware v7.4.9 y anteriores no requieren de autenticaci\u00f3n para solicitudes de inserci\u00f3n de XML, lo que permite a atacantes remotos para hacer llamadas telef\u00f3nicas a trav\u00e9s de un documento XML, tambi\u00e9n conocido como Bug ID CSCts08768."
}
],
"id": "CVE-2012-0333",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-02T10:09:21.847",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1027012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027012"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-12259 (GCVE-0-2017-12259)
Vulnerability from cvelistv5 – Published: 2017-10-19 08:00 – Updated: 2024-08-05 18:28
VLAI?
Summary
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco Small Business SPA51x Series IP Phones |
Affected:
Cisco Small Business SPA51x Series IP Phones
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
},
{
"name": "1039615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039615"
},
{
"name": "101488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business SPA51x Series IP Phones",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Small Business SPA51x Series IP Phones"
}
]
}
],
"datePublic": "2017-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-20T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
},
{
"name": "1039615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039615"
},
{
"name": "101488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business SPA51x Series IP Phones",
"version": {
"version_data": [
{
"version_value": "Cisco Small Business SPA51x Series IP Phones"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
},
{
"name": "1039615",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039615"
},
{
"name": "101488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12259",
"datePublished": "2017-10-19T08:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:28:16.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0333 (GCVE-0-2012-0333)
Vulnerability from cvelistv5 – Published: 2012-05-02 10:00 – Updated: 2024-08-06 18:23
VLAI?
Summary
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
},
{
"name": "1027012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
},
{
"name": "1027012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-0333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf",
"refsource": "CONFIRM",
"url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
},
{
"name": "1027012",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-0333",
"datePublished": "2012-05-02T10:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12259 (GCVE-0-2017-12259)
Vulnerability from nvd – Published: 2017-10-19 08:00 – Updated: 2024-08-05 18:28
VLAI?
Summary
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco Small Business SPA51x Series IP Phones |
Affected:
Cisco Small Business SPA51x Series IP Phones
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
},
{
"name": "1039615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039615"
},
{
"name": "101488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business SPA51x Series IP Phones",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Small Business SPA51x Series IP Phones"
}
]
}
],
"datePublic": "2017-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-20T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
},
{
"name": "1039615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039615"
},
{
"name": "101488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business SPA51x Series IP Phones",
"version": {
"version_data": [
{
"version_value": "Cisco Small Business SPA51x Series IP Phones"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
},
{
"name": "1039615",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039615"
},
{
"name": "101488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12259",
"datePublished": "2017-10-19T08:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:28:16.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0333 (GCVE-0-2012-0333)
Vulnerability from nvd – Published: 2012-05-02 10:00 – Updated: 2024-08-06 18:23
VLAI?
Summary
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
},
{
"name": "1027012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
},
{
"name": "1027012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-0333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf",
"refsource": "CONFIRM",
"url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
},
{
"name": "1027012",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-0333",
"datePublished": "2012-05-02T10:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}